cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2803
Views
3
Helpful
16
Replies

Cisco ASDM 7.14(1) asdm web access not working

GClarkeEQLS
Level 1
Level 1

Hi,

Was wondering is someone could assist me. We have 2 ASA 5516-X FirePower appliances, I upgraded them to the lasted ASA and ASMD images but due to LDAP certification based authentication error had to roll back the changes (another issue for another time). The issue I am facing now is that for one of the ASAs, I am no longer able to access it via ASDM nor can I navigate to it via HTTP, I can only access it via CLI (putty).

If I reboot the ASA, I get a very small window where I can connect to it via ASDM (and navigate to the admin portal via HTTP) but after 10secs, connection seizes and times out.

I have checked that aaa is configured correct by comparing to working ASA - I have also checked that HTTP/ASDM management through outside and inside interface are correct.

Finally, the running config hasnt been modified during upgrade and rollback so stumped at to what has happened.

Any help/suggestion would be greatly appreciated.

Thanks

16 Replies 16

balaji.bandi
Hall of Fame
Hall of Fame

what is the ASA  Code running now and upgrade to ? (which was failed)

what logs do you see on the ASA when you try to connect o ASDM?

Is this HA ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balagi,

what is the ASA Code running now and upgrade to ? (which was failed)
> By code I assume you mean software version? If so, current ASA version is 9.12.3 and wanted to upgrade to 9.16.4(this failed, I can expand on this issue in this request but thought best to solve one thing as a time).

what logs do you see on the ASA when you try to connect o ASDM?
>How can I see this information via CLI, currently on means I have to connect to issuing ASA is via console. If I could see logs would help me immensely.

Is this HA ?
> HA, do you mean High Availability? If so, I'll have to check, unfortunately I was given this operation without any documentation to support the setup.

Thanks,
Gowan

Get more information from you the party to address this correctly.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balagi,

I'm not sure what you mean here. What further information do you require?

Thanks.

friend there is ASDM image and there is ASA image and both must be compatibility otherwise it not work 
Cisco Secure Firewall ASA Compatibility - Cisco

Hey MHM,
The images are compatible. As mentioned in original post, I have 2 appliances running the same ASA (asa9-14-4-lfbff-k8.SPA) and ASDM (asdm-7141-48.bin) images. One ASA/ADSM works as expected but the second is as outlined in the original post.
Thanks

Asa# verify flash:/asdm-7141-48.bin

Asa# show asdm image

Check the image and check if asa use right image or not

@MHM Cisco World - ran those commands on both ASAs
asdm is running from disk0 (again this is inherited setup and worked fine since implementation). verified and asa is using the right one. As mentioned in OP, if i reboot the appliance, for a 30sec window i can connect to asa via both webadmin and asdm but then connection drops as if host/destination cant be found. Its almost as if the host address changes - is there a way to see ASDM connection logs via CLI? 

debug http 255
debug asdm history 255

GClarkeEQLS
Level 1
Level 1

@MHM Cisco World 

Thanks for those commands see below:

http output:

<asaappliance>(config)# HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)

Will provide ASDM output asap.

However, debugging the above error i happened upon this article.

https://community.cisco.com/t5/network-security/asa5505-asdm-won-t-launch/td-p/2360302/page/3

Thanks

@MHM Cisco World - sorry for the delay - ran that command for ASDM but go no response from the appliance. I will have to reboot OOH and see if i can get result then.

@MHM Cisco World - ran the debug asdm command - no response from the appliance. What I did do is check what resources are being called when I try to connect to the web admin portal - please see results in attached image - based on that information - seems that those components cant be found and therefore call to access cannot be fulfilled. I have even tried to changed ASDM to version asdm7151-150.bin - same issue. Any ideas? Ty.

Bro, seems some of ASDM modules not running. Did you check the firewall in case of any restriction?

@Max Jobs - sorry for lack of attention to this, had another project take precedence. So ASDM is working again - dont know how but the consistent trend was connectivity timeouts/packet drops. Going to try upgrade FW of ASA again - this time applying interim upgrades.